CWS/no internet access


This topic is locked
7 replies to this topic

#1 gregc (New Member, 3 posts)

Posted 04 March 2006 - 08:46 PM

I ran Ad Aware and CWShredder on my computer. Ad Aware removes some issues but they reappear after rebooting. I can't access the internet with internet explorer. I can ping websites through command prompt, such as yahoo. I can't update Ad Aware or Cwshredder because of the connection problem. Here is my log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 7:56:31 PM, on 3/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\intell321.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\GREG&K~1\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\GREG&K~1\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.greenbaynet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3837F1DE-9502-4872-8045-AE366D758041} - C:\WINDOWS\System32\goai.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [alij] C:\WINDOWS\System32\run454.exe dummy
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20006\services.exe
O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\System32\intell321.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\GREG&K~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O18 - Filter: text/html - {E4D5D899-BE52-498C-ADA6-BA49BA9802A4} - C:\WINDOWS\System32\goai.dll
O18 - Filter: text/plain - {E4D5D899-BE52-498C-ADA6-BA49BA9802A4} - C:\WINDOWS\System32\goai.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: lanH32 - C:\WINDOWS\SYSTEM32\lanH32.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#2 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 05 March 2006 - 08:39 AM

Hello gregc, welcome to the TC.

Let's see if we can get the PC back on the internet. This file will fit on a floppy or thumb drive.

Get a copy of winsockxpfix.exe. You just run it and things should work OK after it reboots your system.

http://www.snapfiles...nsockxpfix.html

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days.

If you would like to donate for the help you received.

Proud graduate of TC/WTT Classroom


#3 gregc (New Member, 3 posts)

Posted 05 March 2006 - 05:14 PM

I ran winsockxpfix with no success. I still am unable to make an internet connection or open Internet Explorer without it pointing to the homepage 'about:blank'. We type in other addresses but it doesn't move to the site. I run Ad Aware and it finds numerous instances of CoolWebSearch; I then run CWShredder, but it finds no instances to remove, yet when I run Ad Aware again, they are still there. Thanks!

#4 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 05 March 2006 - 05:25 PM

So you can use the internet?


Make sure you have the latest.
Download CW-Shredder at the link below: (don't run it yet)
http://cwshredder.ne.../CWShredder.exe

Download 'SpSeHjfix' into a folder. (don't run it yet)

Please download the trial version of ewido security suite. Install ewido security suite and start the program from the icon on your desktop, then check for and download updates. (Don't run it yet)


Restart in Safe Mode:
Restart your computer.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.



Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix' and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

Now run the Shredder - Hit The FIX button!

Reboot and repeat the process above starting with: Disconnect from the net.



Next: While still in Safe Mode.
Open Ewido Security Suite
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
In the Control Panel click Display > Desktop > Customize desktop > Website > Uncheck "Security Info" if present.

Empty the Recycle Bin.


Reboot and post a fresh HJT log, the log from the Ewido scan and the log that was created by 'SpSeHjfix'.



Edited by LDTate, 05 March 2006 - 05:31 PM.


#5 gregc (New Member, 3 posts)

Posted 06 March 2006 - 10:46 PM

To answer your first question - I have internet access through an older PC, that's how I have been able to get the programs and make contact... handy, glad I didn't trash it!

Here are the log files from the infected PC. Thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 10:25:49 PM, on 3/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.greenbaynet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20006\services.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: lanH32 - C:\WINDOWS\SYSTEM32\lanH32.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

***********
(3/6/06 9:20:38 PM) SPSeHjFix started v1.1.2
(3/6/06 9:20:38 PM) OS: WinXP Service Pack 1 (5.1.2600)
(3/6/06 9:20:38 PM) Language: english
(3/6/06 9:20:38 PM) Win-Path: C:\WINDOWS
(3/6/06 9:20:38 PM) System-Path: C:\WINDOWS\System32
(3/6/06 9:20:38 PM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(3/6/06 9:20:51 PM) Disinfection started
(3/6/06 9:20:51 PM) Bad-Dll(IEP): c:\docume~1\greg&k~1\locals~1\temp\se.dll
(3/6/06 9:20:51 PM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\goai.dll
(3/6/06 9:20:51 PM) Searchassistant Uninstaller - Keys Deleted
(3/6/06 9:20:51 PM) UBF: 9 - UBB: 6 - UBR: 23
(3/6/06 9:20:51 PM) FilterKey: HKCR\text/html (deleted)
(3/6/06 9:20:51 PM) FilterKey: HKCR\CLSID\{C89F5818-4C58-48AB-9C53-C9D5D7980786} (deleted)
(3/6/06 9:20:51 PM) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(3/6/06 9:20:51 PM) FilterKey: HKCR\text/plain (deleted)
(3/6/06 9:20:51 PM) FilterKey: HKCR\CLSID\{C89F5818-4C58-48AB-9C53-C9D5D7980786} (error while deleting)
(3/6/06 9:20:51 PM) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(3/6/06 9:20:51 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3837F1DE-9502-4872-8045-AE366D758041} (deleted)
(3/6/06 9:20:51 PM) BHO-Key: HKCR\CLSID\{3837F1DE-9502-4872-8045-AE366D758041} (deleted)
(3/6/06 9:20:51 PM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\GREG&K~1\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(3/6/06 9:20:51 PM) UBF: 7 - UBB: 5 - UBR: 22
(3/6/06 9:20:51 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank

*************
+ Created on: 10:18:44 PM, 3/6/2006
+ Report-Checksum: 934D9B84

+ Scan result:

C:\Documents and Settings\Greg\Local Settings\Temp\temp.fr414B -> Hijacker.StartPage.acn : Cleaned with backup
C:\Documents and Settings\Greg\Local Settings\Temp\temp.fr7A2B -> Hijacker.StartPage.acn : Cleaned with backup
C:\Documents and Settings\Greg & Kelly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-44921929.class -> Trojan.ClassLoader.Dummy.c : Cleaned with backup
C:\Documents and Settings\Greg & Kelly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-419b2b1c-57a6cb4a.zip/web.exe -> Downloader.Small.xt : Cleaned with backup
C:\Documents and Settings\Greg & Kelly\Local Settings\Temp\temp.fr4AE7 -> Hijacker.StartPage.acn : Cleaned with backup
C:\Documents and Settings\Greg & Kelly\Local Settings\Temp\temp.frD833 -> Hijacker.StartPage.acn : Cleaned with backup
C:\Documents and Settings\Greg & Kelly\Local Settings\Temp\temp.frF87F -> Hijacker.StartPage.acn : Cleaned with backup
C:\WINDOWS\SYSTEM32\intell321.exe -> Trojan.Small.ev : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr115.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr118.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr127.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr131.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr15.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr159.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr171.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr183.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr193.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr201.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr204.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr221.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr232.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr24.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr27.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr305.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr332.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr342.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr353.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr355.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr366.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr394.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr401.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr426.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr436.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr437.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr447.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr457.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr467.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr497.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr509.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr548.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr559.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr568.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr589.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr597.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr630.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr632.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr640.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr66.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr671.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr68.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr691.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr700.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr701.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr723.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr732.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr733.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr765.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr781.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr806.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr835.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr843.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr855.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr865.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr87.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr885.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr901.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr917.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr925.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr968.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\ldr998.dll -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\mscornet.exe -> Downloader.Zlob.dm : Cleaned with backup
C:\WINDOWS\SYSTEM32\per.exe -> Downloader.Delf.aeu : Cleaned with backup
C:\WINDOWS\SYSTEM32\popcorn72.exe -> Downloader.Small.bgv : Cleaned with backup
C:\WINDOWS\SYSTEM32\private.exe -> Downloader.Delf.aco : Cleaned with backup
C:\WINDOWS\SYSTEM32\qz.sys -> Backdoor.Haxdoor.gr : Cleaned with backup
C:\WINDOWS\SYSTEM32\run454.exe -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\SYSTEM32\spoolsrv32.exe -> Adware.FindSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\srpcsrv32.dll -> Downloader.Agent.rm : Cleaned with backup
C:\WINDOWS\SYSTEM32\upd704.exe -> Dropper.Agent.ail : Cleaned with backup
C:\WINDOWS\SYSTEM32\upd79.exe -> Downloader.Delf.aco : Cleaned with backup
C:\WINDOWS\uninstDsk.exe -> Trojan.Small.ev : Cleaned with backup


::Report End
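As an added example (not code from this thread or from any of the tools it mentions), a small Python triage script for HijackThis logs like the two posted here: it parses the R/O entries, flags the indicator patterns visible in this case (IE search settings forced to about:blank or served via res:// from a Temp folder, an unnamed BHO backed by a real file, text/html and text/plain MIME filters, a system binary name running outside System32, Winlogon Notify DLLs), and diffs the post #1 and post #5 logs to show what the cleanup actually removed. The log excerpts are constructed from the two logs above (only the relevant lines), and the rules are triage heuristics a helper would review, not verdicts on any file.

```python
"""Triage helper for HijackThis (HJT) logs: parse entries, flag hijack indicators,
and diff a before/after pair to see which entries a cleanup actually removed."""
import re

# Constructed excerpts of the two HJT logs posted in this thread (posts #1 and #5);
# only the lines relevant to the triage are reproduced here.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\GREG&K~1\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3837F1DE-9502-4872-8045-AE366D758041} - C:\WINDOWS\System32\goai.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20006\services.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\GREG&K~1\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {E4D5D899-BE52-498C-ADA6-BA49BA9802A4} - C:\WINDOWS\System32\goai.dll
O20 - Winlogon Notify: lanH32 - C:\WINDOWS\SYSTEM32\lanH32.dll
"""
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20006\services.exe
O20 - Winlogon Notify: lanH32 - C:\WINDOWS\SYSTEM32\lanH32.dll
"""

ENTRY_RE = re.compile(r"^(?P<sect>[RO]\d+) - (?P<body>.+)$")
# Shortest drive-letter path ending in a PE extension; quotes end a path, spaces do not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx)\b', re.IGNORECASE)
# Names of core Windows binaries; one of these living outside System32 is a classic masquerade.
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe"}


def parse_log(text):
    """Return (section, body) tuples for the R/O lines of an HJT log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sect"), m.group("body")))
    return entries


def flag_entry(sect, body):
    """Return the reasons this entry deserves a look (empty list if none).
    These are triage heuristics for a human reviewer, not a verdict on any file."""
    reasons = []
    if sect.startswith("R"):
        if body.rstrip().endswith("about:blank"):
            reasons.append("IE search/home setting forced to about:blank")
        if "res://" in body.lower():
            reasons.append("IE setting served from a local DLL resource via res://")
    if re.search(r"\\temp\\", body, re.IGNORECASE):
        reasons.append("component loaded from a Temp folder")
    if sect == "O2" and "(no name)" in body and "(no file)" not in body:
        reasons.append("unnamed BHO backed by a real file")
    if sect == "O18" and re.search(r"Filter: text/(html|plain)", body):
        reasons.append("MIME filter hooked into text/html or text/plain")
    if sect in ("O20", "O21"):
        reasons.append("load-on-logon DLL (Winlogon Notify / SSODL): verify the publisher")
    for path in PATH_RE.findall(body):
        folder, _, name = path.rpartition("\\")
        if name.lower() in SYSTEM_BINARIES and not folder.lower().endswith("\\system32"):
            reasons.append(f"system binary name {name} running from {folder}")
    return reasons


def triage(text):
    """Map each flagged entry body to its list of reasons."""
    return {body: r for sect, body in parse_log(text) if (r := flag_entry(sect, body))}


def diff_logs(before, after):
    """Entries present in the first log but gone from the second, and the reverse."""
    b = {body for _, body in parse_log(before)}
    a = {body for _, body in parse_log(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for body, reasons in triage(LOG_BEFORE).items():
        print("FLAG", body, "->", "; ".join(reasons))
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print(f"{len(removed)} entries removed by the cleanup, {len(added)} new")
    # Whatever is still flagged after the cleanup is what a helper would look at next.
    for body, reasons in triage(LOG_AFTER).items():
        print("STILL PRESENT", body, "->", "; ".join(reasons))
```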

#6 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 07 March 2006 - 06:46 AM

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.


#7 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 19 March 2006 - 09:09 AM

How are you doing with the fix?


#8 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 19 March 2006 - 09:21 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
